@omindu/yaksha 1.0.0

package/src/server/index.js

@@ -0,0 +1,551 @@
+'use strict';
+
+/**
+ * Yaksha VPN Server
+ * High-performance VPN server with advanced features
+ */
+
+const net = require('net');
+const dgram = require('dgram');
+const EventEmitter = require('events');
+const crypto = require('crypto');
+
+const Protocol = require('../core/protocol');
+const Encryption = require('../core/encryption');
+const Authentication = require('../security/auth');
+const SecurityLevels = require('../security/levels');
+const Config = require('../utils/config');
+const Logger = require('../utils/logger');
+
+class YakshaServer extends EventEmitter {
+  constructor(options = {}) {
+    super();
+
+    // Configuration
+    this.config = new Config(options);
+    this.port = options.port || 8443;
+    this.host = options.host || '0.0.0.0';
+    this.securityLevel = options.securityLevel || 'medium';
+    this.maxConnections = options.maxConnections || 10000;
+    this.authMethod = options.authMethod || 'token';
+    this.customSecurityConfig = options.customSecurityConfig || null;
+
+    // Security configuration
+    if (this.securityLevel === 'custom' && this.customSecurityConfig) {
+      this.securityConfig = SecurityLevels.createCustomConfig(
+        this.customSecurityConfig,
+        this.customSecurityConfig.baseLevel || 'medium'
+      );
+    } else {
+      this.securityConfig = SecurityLevels.getConfig(this.securityLevel);
+    }
+
+    // Core components
+    this.protocol = new Protocol({
+      maxPayloadSize: options.maxPayloadSize || 65535,
+      enablePadding: this.securityConfig.obfuscation !== 'none'
+    });
+
+    this.auth = new Authentication(this.authMethod, {
+      maxAttempts: 10,
+      lockoutDuration: 300000,
+      sessionTimeout: 3600000
+    });
+
+    this.logger = new Logger({
+      prefix: 'Server',
+      level: options.logLevel || 'info'
+    });
+
+    // Server state
+    this.tcpServer = null;
+    this.udpSocket = null;
+    this.clients = new Map(); // sessionId -> client info
+    this.running = false;
+
+    // Statistics
+    this.stats = {
+      startTime: null,
+      connections: 0,
+      activeConnections: 0,
+      bytesReceived: 0,
+      bytesSent: 0,
+      packetsReceived: 0,
+      packetsSent: 0,
+      errors: 0
+    };
+  }
+
+  /**
+   * Start the VPN server
+   */
+  async start() {
+    if (this.running) {
+      throw new Error('Server is already running');
+    }
+
+    this.logger.info(`Starting Yaksha VPN Server v1.1.0`);
+    this.logger.info(`Security Level: ${this.securityLevel.toUpperCase()}`);
+    this.logger.info(`Port: ${this.port}`);
+
+    try {
+      // Start TCP server (control channel)
+      await this._startTCPServer();
+
+      // Start UDP socket (data channel)
+      await this._startUDPSocket();
+
+      this.running = true;
+      this.stats.startTime = Date.now();
+
+      this.emit('listening', {
+        host: this.host,
+        port: this.port
+      });
+
+      this.logger.info(`Server listening on ${this.host}:${this.port}`);
+    } catch (error) {
+      this.logger.error('Failed to start server:', error.message);
+      await this.stop();
+      throw error;
+    }
+  }
+
+  /**
+   * Start TCP server for control channel
+   */
+  _startTCPServer() {
+    return new Promise((resolve, reject) => {
+      this.tcpServer = net.createServer((socket) => {
+        this._handleNewConnection(socket);
+      });
+
+      this.tcpServer.on('error', (error) => {
+        this.logger.error('TCP server error:', error.message);
+        this.stats.errors++;
+        this.emit('error', error);
+        reject(error);
+      });
+
+      this.tcpServer.listen(this.port, this.host, () => {
+        this.logger.debug('TCP server started');
+        resolve();
+      });
+    });
+  }
+
+  /**
+   * Start UDP socket for data channel
+   */
+  _startUDPSocket() {
+    return new Promise((resolve, reject) => {
+      this.udpSocket = dgram.createSocket('udp4');
+
+      this.udpSocket.on('message', (data, rinfo) => {
+        this._handleUDPData(data, rinfo);
+      });
+
+      this.udpSocket.on('error', (error) => {
+        this.logger.error('UDP socket error:', error.message);
+        this.stats.errors++;
+        this.emit('error', error);
+      });
+
+      this.udpSocket.bind(this.port, this.host, () => {
+        this.logger.debug('UDP socket started');
+        resolve();
+      });
+    });
+  }
+
+  /**
+   * Handle new TCP connection
+   */
+  _handleNewConnection(socket) {
+    const clientAddress = `${socket.remoteAddress}:${socket.remotePort}`;
+    this.logger.info(`New connection from ${clientAddress}`);
+
+    // Check connection limit
+    if (this.clients.size >= this.maxConnections) {
+      this.logger.warn(`Connection limit reached, rejecting ${clientAddress}`);
+      socket.end();
+      return;
+    }
+
+    // Create client session
+    const sessionId = crypto.randomInt(1, 0xFFFFFFFF);
+    const client = {
+      sessionId,
+      socket,
+      address: socket.remoteAddress,
+      port: socket.remotePort,
+      authenticated: false,
+      encryption: new Encryption(this.securityLevel, {
+        customConfig: this.securityLevel === 'custom' ? this.securityConfig : null
+      }),
+      sequence: 0,
+      receivedSequence: 0,
+      connectedAt: Date.now(),
+      lastActivity: Date.now()
+    };
+
+    // Generate encryption keys
+    client.encryption.generateKeys();
+
+    this.clients.set(sessionId, client);
+    this.stats.connections++;
+    this.stats.activeConnections++;
+
+    // Set up socket handlers
+    let buffer = Buffer.alloc(0);
+
+    socket.on('data', (data) => {
+      buffer = Buffer.concat([buffer, data]);
+      
+      try {
+        while (buffer.length >= 16) { // Minimum header size
+          const result = this._handleTCPData(buffer, client);
+          
+          if (result.bytesProcessed === 0) {
+            break; // Need more data
+          }
+
+          buffer = buffer.slice(result.bytesProcessed);
+        }
+      } catch (error) {
+        this.logger.error(`Error processing data from ${clientAddress}:`, error.message);
+        this.stats.errors++;
+      }
+    });
+
+    socket.on('error', (error) => {
+      this.logger.error(`Socket error for ${clientAddress}:`, error.message);
+      this.stats.errors++;
+    });
+
+    socket.on('close', () => {
+      this.logger.info(`Connection closed: ${clientAddress}`);
+      this.clients.delete(sessionId);
+      this.stats.activeConnections--;
+      this.emit('disconnection', sessionId, clientAddress);
+    });
+
+    // Send handshake initiation
+    this._sendHandshakeResponse(client);
+
+    this.emit('connection', sessionId, clientAddress);
+  }
+
+  /**
+   * Handle TCP data
+   */
+  _handleTCPData(buffer, client) {
+    try {
+      // Parse packet
+      const { header, payload, totalSize } = this.protocol.deserialize(buffer);
+
+      this.stats.packetsReceived++;
+      this.stats.bytesReceived += totalSize;
+      client.lastActivity = Date.now();
+
+      // Handle different packet types
+      switch (header.type) {
+        case Protocol.PACKET_TYPES.HANDSHAKE:
+          this._handleHandshake(payload, client);
+          break;
+
+        case Protocol.PACKET_TYPES.DATA:
+          this._handleData(payload, client);
+          break;
+
+        case Protocol.PACKET_TYPES.KEEPALIVE:
+          this._handleKeepalive(payload, client);
+          break;
+
+        case Protocol.PACKET_TYPES.CLOSE:
+          this._handleClose(payload, client);
+          break;
+
+        default:
+          this.logger.warn(`Unknown packet type: ${header.type}`);
+      }
+
+      return { bytesProcessed: totalSize };
+    } catch (error) {
+      // Not enough data or parse error
+      return { bytesProcessed: 0 };
+    }
+  }
+
+  /**
+   * Handle UDP data
+   */
+  _handleUDPData(data, rinfo) {
+    try {
+      // Parse packet to extract session ID
+      const header = this.protocol.parseHeader(data);
+      const client = this.clients.get(header.sessionId);
+
+      if (!client || !client.authenticated) {
+        this.logger.warn(`UDP packet from unauthenticated session: ${header.sessionId}`);
+        return;
+      }
+
+      // Process packet
+      const { payload } = this.protocol.deserialize(data);
+
+      this.stats.packetsReceived++;
+      this.stats.bytesReceived += data.length;
+      client.lastActivity = Date.now();
+
+      // Handle data packet
+      this._handleData(payload, client, 'udp');
+
+    } catch (error) {
+      this.logger.error('Error processing UDP data:', error.message);
+      this.stats.errors++;
+    }
+  }
+
+  /**
+   * Send handshake response
+   */
+  _sendHandshakeResponse(client) {
+    // Send server public key for key exchange
+    const handshakeData = JSON.stringify({
+      version: '1.1.0',
+      sessionId: client.sessionId,
+      publicKey: client.encryption.keys.publicKey 
+        ? client.encryption.keys.publicKey.toString('base64')
+        : null,
+      securityLevel: this.securityLevel,
+      features: this.securityConfig
+    });
+
+    const { packet } = this.protocol.createHandshake(
+      client.sessionId,
+      client.sequence++,
+      Buffer.from(handshakeData, 'utf8')
+    );
+
+    client.socket.write(packet);
+    this.stats.packetsSent++;
+    this.stats.bytesSent += packet.length;
+  }
+
+  /**
+   * Handle handshake
+   */
+  _handleHandshake(payload, client) {
+    try {
+      const handshake = JSON.parse(payload.toString('utf8'));
+
+      // Perform key exchange if client provided public key
+      if (handshake.clientPublicKey) {
+        const clientPublicKey = Buffer.from(handshake.clientPublicKey, 'base64');
+        client.encryption.keyExchange(clientPublicKey);
+      }
+
+      // Authenticate client
+      if (handshake.credentials) {
+        const authResult = this._authenticateClient(handshake.credentials, client);
+        
+        if (authResult.success) {
+          client.authenticated = true;
+          this.logger.info(`Client authenticated: session ${client.sessionId}`);
+          
+          // Send authentication success
+          this._sendAuthResponse(client, true);
+        } else {
+          this.logger.warn(`Authentication failed for session ${client.sessionId}`);
+          this._sendAuthResponse(client, false, authResult.reason);
+          
+          // Close connection after failed auth
+          setTimeout(() => client.socket.end(), 1000);
+        }
+      }
+
+    } catch (error) {
+      this.logger.error('Error handling handshake:', error.message);
+    }
+  }
+
+  /**
+   * Authenticate client
+   */
+  _authenticateClient(credentials, client) {
+    // This is a simplified implementation
+    // In production, use proper authentication based on auth method
+    
+    switch (this.authMethod) {
+      case 'password':
+        return this.auth.authenticatePassword(credentials.username, credentials.password);
+      
+      case 'token':
+        return this.auth.authenticateToken(credentials.identifier, credentials.token);
+      
+      case 'certificate':
+        return this.auth.authenticateCertificate(
+          credentials.identifier,
+          credentials.certificate,
+          credentials.totpToken
+        );
+      
+      default:
+        return { success: false, reason: 'Unknown auth method' };
+    }
+  }
+
+  /**
+   * Send authentication response
+   */
+  _sendAuthResponse(client, success, reason = '') {
+    const response = JSON.stringify({ success, reason });
+    const { packet } = this.protocol.createData(
+      client.sessionId,
+      client.sequence++,
+      Buffer.from(response, 'utf8')
+    );
+
+    client.socket.write(packet);
+    this.stats.packetsSent++;
+    this.stats.bytesSent += packet.length;
+  }
+
+  /**
+   * Handle data packet
+   */
+  _handleData(payload, client, protocol = 'tcp') {
+    if (!client.authenticated) {
+      this.logger.warn(`Data from unauthenticated client: session ${client.sessionId}`);
+      return;
+    }
+
+    // Decrypt data if encrypted
+    try {
+      // In production, decrypt payload here
+      // const decrypted = client.encryption.decrypt(...);
+
+      this.emit('data', {
+        sessionId: client.sessionId,
+        data: payload,
+        protocol
+      });
+
+    } catch (error) {
+      this.logger.error('Error handling data:', error.message);
+    }
+  }
+
+  /**
+   * Handle keepalive
+   */
+  _handleKeepalive(payload, client) {
+    // Respond with keepalive ACK
+    const { packet } = this.protocol.createKeepalive(
+      client.sessionId,
+      client.sequence++
+    );
+
+    client.socket.write(packet);
+    this.stats.packetsSent++;
+  }
+
+  /**
+   * Handle close
+   */
+  _handleClose(payload, client) {
+    const reason = payload.toString('utf8');
+    this.logger.info(`Client closing connection: session ${client.sessionId}, reason: ${reason}`);
+    client.socket.end();
+  }
+
+  /**
+   * Send data to client
+   */
+  sendToClient(sessionId, data, protocol = 'tcp') {
+    const client = this.clients.get(sessionId);
+    
+    if (!client || !client.authenticated) {
+      throw new Error('Client not found or not authenticated');
+    }
+
+    // Encrypt data if needed
+    // const encrypted = client.encryption.encrypt(data);
+
+    const { packet } = this.protocol.createData(
+      client.sessionId,
+      client.sequence++,
+      data
+    );
+
+    if (protocol === 'tcp') {
+      client.socket.write(packet);
+    } else {
+      this.udpSocket.send(packet, client.port, client.address);
+    }
+
+    this.stats.packetsSent++;
+    this.stats.bytesSent += packet.length;
+  }
+
+  /**
+   * Get server statistics
+   */
+  getStats() {
+    const uptime = this.stats.startTime 
+      ? Date.now() - this.stats.startTime
+      : 0;
+
+    return {
+      ...this.stats,
+      uptime,
+      clients: this.clients.size
+    };
+  }
+
+  /**
+   * Stop the server
+   */
+  async stop() {
+    if (!this.running) {
+      return;
+    }
+
+    this.logger.info('Stopping server...');
+    this.running = false;
+
+    // Close all client connections
+    for (const [sessionId, client] of this.clients.entries()) {
+      try {
+        const { packet } = this.protocol.createClose(
+          client.sessionId,
+          client.sequence++,
+          'Server shutting down'
+        );
+        client.socket.write(packet);
+        client.socket.end();
+      } catch (error) {
+        // Ignore errors during shutdown
+      }
+    }
+
+    this.clients.clear();
+
+    // Close servers
+    if (this.tcpServer) {
+      await new Promise(resolve => this.tcpServer.close(resolve));
+      this.tcpServer = null;
+    }
+
+    if (this.udpSocket) {
+      await new Promise(resolve => this.udpSocket.close(resolve));
+      this.udpSocket = null;
+    }
+
+    this.emit('stopped');
+    this.logger.info('Server stopped');
+  }
+}
+
+module.exports = YakshaServer;

package/src/utils/buffer-pool.js

@@ -0,0 +1,150 @@
+'use strict';
+
+/**
+ * Yaksha Buffer Pool - Zero-copy buffer management
+ * Pre-allocates buffers to reduce GC pressure and improve performance
+ */
+
+class BufferPool {
+  constructor(options = {}) {
+    this.sizes = options.sizes || [64, 256, 1024, 4096, 16384, 65536];
+    this.maxPoolSize = options.maxPoolSize || 1000;
+    this.pools = new Map();
+    
+    // Initialize pools for each size
+    for (const size of this.sizes) {
+      this.pools.set(size, []);
+    }
+
+    this.stats = {
+      allocations: 0,
+      deallocations: 0,
+      hits: 0,
+      misses: 0
+    };
+  }
+
+  /**
+   * Find the best pool size for requested size
+   */
+  _findPoolSize(requestedSize) {
+    for (const size of this.sizes) {
+      if (size >= requestedSize) {
+        return size;
+      }
+    }
+    return null; // Too large for pooling
+  }
+
+  /**
+   * Acquire a buffer from the pool
+   * @param {number} size - Requested buffer size
+   * @param {boolean} unsafe - Use Buffer.allocUnsafe for performance (default: false)
+   * @returns {Buffer}
+   */
+  acquire(size, unsafe = false) {
+    this.stats.allocations++;
+
+    const poolSize = this._findPoolSize(size);
+    
+    // If size is too large or pooling disabled, allocate directly
+    if (!poolSize) {
+      this.stats.misses++;
+      return unsafe ? Buffer.allocUnsafe(size) : Buffer.alloc(size);
+    }
+
+    const pool = this.pools.get(poolSize);
+    
+    // Try to reuse from pool
+    if (pool.length > 0) {
+      this.stats.hits++;
+      const buffer = pool.pop();
+      // Return a slice of the exact requested size
+      return buffer.slice(0, size);
+    }
+
+    // Pool empty, allocate new buffer
+    this.stats.misses++;
+    return unsafe ? Buffer.allocUnsafe(poolSize) : Buffer.alloc(poolSize);
+  }
+
+  /**
+   * Release a buffer back to the pool
+   * @param {Buffer} buffer - Buffer to release
+   */
+  release(buffer) {
+    if (!Buffer.isBuffer(buffer)) {
+      return;
+    }
+
+    this.stats.deallocations++;
+
+    const size = buffer.length;
+    const poolSize = this._findPoolSize(size);
+
+    // Don't pool if size doesn't match or pool is full
+    if (!poolSize) {
+      return;
+    }
+
+    const pool = this.pools.get(poolSize);
+    
+    if (pool.length < this.maxPoolSize) {
+      // Expand buffer back to pool size if it was sliced
+      const poolBuffer = buffer.length === poolSize 
+        ? buffer 
+        : Buffer.allocUnsafe(poolSize);
+      
+      if (buffer.length !== poolSize) {
+        buffer.copy(poolBuffer);
+      }
+      
+      pool.push(poolBuffer);
+    }
+  }
+
+  /**
+   * Clear all pools
+   */
+  clear() {
+    for (const pool of this.pools.values()) {
+      pool.length = 0;
+    }
+  }
+
+  /**
+   * Get pool statistics
+   */
+  getStats() {
+    const poolStats = {};
+    for (const [size, pool] of this.pools.entries()) {
+      poolStats[`${size}B`] = pool.length;
+    }
+
+    return {
+      ...this.stats,
+      hitRate: this.stats.allocations > 0 
+        ? (this.stats.hits / this.stats.allocations * 100).toFixed(2) + '%'
+        : '0%',
+      pools: poolStats
+    };
+  }
+
+  /**
+   * Reset statistics
+   */
+  resetStats() {
+    this.stats = {
+      allocations: 0,
+      deallocations: 0,
+      hits: 0,
+      misses: 0
+    };
+  }
+}
+
+// Global buffer pool instance
+const globalPool = new BufferPool();
+
+module.exports = BufferPool;
+module.exports.globalPool = globalPool;